Google Chrome and privacy – opposing forces?


The Google Chrome browser was first released in Sep 2008 as an alternative to rival browsers, to “address perceived shortcomings in those browsers and to support complex web applications”. Google also wanted a browser that could better integrate with its own web services and technologies. That last statement speaks to the heart of what Chrome is – a vehicle for implementing and supporting Google’s advertising infrastructure and products.

And if there is any doubt in anyone’s mind, Google is an advertising (and advertising facilitation) company first and foremost. It just happens to do a few other products … many of which also relate to its advertising function in some way or another.

Question: why did Google release Chrome?

Answer: to implement and aid its advertising products and services

Question: knowing the above, why would anyone willingly use Google Chrome considering the privacy implications? How did it become so popular?

Answer: it’s complicated …

One of the primary benefits of Chrome at the outset was its performance and speed advantages over the competitors, which numbered primarily 2: Mozilla Firefox and Microsoft IE. We had already been through the US competition lawsuit against Microsoft earlier in the 2000s so IE was hamstrung by legal requirements (and quite rightly so). Mozilla Firefox was a good option but they didn’t have the inertia (or a native platform) behind them to maintain what was, at one time, a healthy piece of the browser pie.

Then Chrome came along and through various circumstances, gained significant market share over a short period of time, to the point that it now has close to 60% of the worldwide market for browsers. One of those circumstances is of course Google’s inherent bundling of Chrome with the most popular mobile platform on the planet: Android.

It’s therefore important not to underestimate the impact that mobile has had on the browser market: the 2nd most used browser is Safari, and that is a result of its inclusion in iOS, the 2nd most used mobile platform. No coincidence there.

And this is why other browsers have had a hard time of it, especially Mozilla Firefox. Not having a base platform for distribution means that users need to make a conscious decision to use an alternative to platform-native browsers. Even having more advanced functions, features and speed is not necessarily a driver for people to change. More on this later.

Considering the US government’s dogged legal attack on Microsoft for web browser monopolisation in the early 2000s, it’s surprising that Google and Apple have not received similar attention. They have clearly gained an advantage from having a native platform browser, which is exactly what Microsoft was sued for in 2001.

https://en.wikipedia.org/wiki/United_States_v._Microsoft_Corp.

Both Google and Apple have come in for legal scrutiny on both sides of the Atlantic for various items over the years, many related to security and privacy. But none of these investigations have so far reached the level of the Microsoft lawsuit in 2001 where the platform itself was impacted.

(But the EU says “hold my beer” …)

Google have had their share of investigations/lawsuits by the EU and its various privacy/competition departments. These include:

The Google shopping investigation from 2009

The Android investigation from 2015

The Adsense investigation from 2013

The current and ongoing Adtech investigation

Google’s acquisition of Fitbit

Google’s online advertising practices

… and so on.

Irrespective of any legal challenges to its monopoly (incl. a current suit where Google was found to be tracking users in private/incognito mode), there are still significant technical security and privacy considerations around Chrome.

Various tracking technologies and solutions to tracking

Many of these relate specifically to cookies and end-user browser tracking for the purpose of focused advertising. Here is a short list of technologies that I’ll touch on briefly:

Cookies:

Tracking cookies are used to track users’ web browsing habits. This can also be done to some extent by using the IP address of the computer requesting the page or the referer field of the HTTP request header, but cookies allow for greater precision.

Wikipedia

Browser fingerprinting:

The collection of a large amount of diverse and stable information from web browsers is possible for most part due to client-side scripting languages, which were introduced in the late 1990s. Today there are several open-source browser fingerprinting libraries …

Wikipedia

DNT – Do Not Track

a formerly official HTTP header field, designed to allow internet users to opt-out of tracking by websites—which includes the collection of data regarding a user’s activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.

Wikipedia

GPC – Global Privacy Control:

a proposed HTTP header field and DOM property that can be used to inform websites of the user’s wish to have their information not be sold or used by ad trackers.

Wikipedia

Cookies were the original method for tracking users on and across different sites. And they do this by setting an identifier that identifies a specific person/machine. Very simple. But once browsers started to implement mechanisms to control and sometimes eliminate these, cookies became less useful. Browser fingerprinting then started being used to perform the same or a similar function.

Browser fingerprinting can identify individuals (as cookies do) but this time by using a combination of different browser sensors – each collection of browser sensors is enough to identify individuals and then allow for focussed advertising. Just as in the case of cookies.

Trackers are the server-side components that track information relating to specific users and therefore the class of or specific advertising that needs to be delivered.

(Some) Browsers have also caught up with these mechanisms and now offer cookie control, browser fingerprinting prevention and tracking prevention. This means that focused advertising is now (again) becoming more difficult.

One of the issues with Chrome (and its various offshoots) is that it’s been slow to implement the above privacy controls for obvious reasons – Google does not want to impact its main revenue stream – advertising.

Here we have the problem statement:

Web tracking is the practice by which operators of websites and third parties collect, store and share information about visitors’ activities on the World Wide Web. Analysis of a user’s behaviour may be used to provide content that enables the operator to infer their preferences and may be of interest to various parties, such as advertisers. Web tracking can be part of visitor management.

And there’s the rub: “may be of interest to various parties, such as advertisers”

We know of course that it’s not a “may be of interest” but more of “is of interest”. Cookies have been the primary method of user tracking for the purposes of targeted advertising over the last decade. Full stop. No need to look any further.

But cookies, and associated browser fingerprinting technologies, have come in for scrutiny and inspection by privacy groups, and others, over the last few years due to the flagrant misuse of this function by the advertising industry and the corresponding privacy concerns.

To the extent that Firefox (amongst other browsers and browser technologies) has implemented specific features to curtail (and sometimes outright block) the use of cookies, browser fingerprinting and tracking.

It’s no surprise either that uBlock Origin (and similar addons/plugins), a privacy protection tool, is one of the most popular browser add-ons ever.

It’s also quite incredible to see the invasiveness of 3rd party tracking once you start delving into this topic – one can make use of a website and tool like Collusion to see the spider-web of connections that every website you visit makes via trackers. And to be clear, this is in essence a sharing of your browsing and personal data with 3rd parties, primarily for the purposes of advertising, most of the time without your input or agreement.

Not only are there privacy implications, but security as well. Malvertising is a popular form of malware distribution.

Cookies

Let’s have a quick discussion on 1st and 3rd party cookies.

1st party cookies are those which are stored in your browser for sites that you directly visit. Cookies can be useful including storing some details about your account on a website that allows that website to log you in automatically on subsequent visits. They can aid in remembering passwords, store data about you for the site and allocate preferences for your use of the site. Generally, 1st party cookies are deemed benign and even useful.

3rd party cookies are however another ball-game completely. These are tracking codes that are placed on a web visitor’s computer after being generated by a website other than the site the visitor actually went to.

If you’re an advertiser, third-party cookie data allows you to learn about your web visitor’s overall online behaviors, such as websites they frequently visit, purchases, and interests that they’ve shown on various websites. With this detailed data, you can build robust visitor profiles. With all of this data, you can then create a retargeting list that can be used to send ads to your past visitors or people with similar web profiles.

It’s this 3rd party cookie that is mostly under the spotlight. To such a degree, and as mentioned previously, that some browsers and add-ons have implemented methods to block 3rd party (also known as cross-site) cookies completely.

As discussed previously, there have been various specifications and projects to address the issue of tracking (including DNT, GPC, etc.) but none have really caught on due in part to a lack of legal enforcement and Google’s reluctance to implement these. Considering Chrome’s market share, its lack of support for a standard generally means that said standard won’t gain traction.

(There’s an entire sub-section of concern relating to Google’s participation in the W3C, the standards-setting organisation that decides how the web should work. That’s a story for another day).

So what are your options?

  • an alternative browser that provides privacy features
  • a browser extension that provides privacy features
  • switch off cookies completely

Mozilla Firefox

Here are some of the features implemented in Firefox to control cookies and tracking:

Enhanced tracking protection – automatically protects your privacy while you browse. It blocks trackers that follow you around online to collect information about your browsing habits and interests without breaking site functionality. It also includes protections against harmful scripts, such as malware that drains your battery.

SmartBlock for enhanced tracking protection – SmartBlock stands in for common tracking scripts, which are blocked by private browsing mode and strict tracking protection. By doing so, it lets pages load more fully, with less breakage, without you having to do anything — all while keeping those tracking scripts blocked.

Total cookie protection – builds a fence around cookies, limiting them to the site you’re on so third parties can’t use those same tracking beacons to follow you from one site to the next. For example, if you visit Facebook, Facebook won’t be able to view your activity on Etsy, One Medical or your cousin’s cooking blog later.
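
The cross-site tracking that 3rd party cookies allow, and the "fence" that Total cookie protection puts around them, modelled as an added example (this is not Mozilla's code, nor any browser's). The host names, the Tracker class and the simplified third-party test are assumptions made for the illustration.

```javascript
// Added illustration: a toy model, not any browser's real cookie code.
// All host names are constructed (.example is reserved for documentation).

// Cookie jar keyed either by cookie host alone (classic behaviour) or by
// (top-level site, cookie host), which is the "fence" the text describes.
class CookieJar {
  constructor(partitioned) {
    this.partitioned = partitioned;
    this.store = new Map();
  }
  key(topLevelSite, cookieHost) {
    return this.partitioned ? `${topLevelSite}|${cookieHost}` : cookieHost;
  }
  get(topLevelSite, cookieHost) {
    return this.store.get(this.key(topLevelSite, cookieHost));
  }
  set(topLevelSite, cookieHost, value) {
    this.store.set(this.key(topLevelSite, cookieHost), value);
  }
}

// Hypothetical third-party tracker: reuses the ID cookie it is sent, or mints
// a new one, and records which site embedded the request.
class Tracker {
  constructor(host) {
    this.host = host;
    this.nextId = 1;
    this.seen = new Map(); // id -> Set of embedding sites
  }
  handle(cookieValue, embeddingSite) {
    const id = cookieValue ?? `uid-${this.nextId++}`;
    if (!this.seen.has(id)) this.seen.set(id, new Set());
    this.seen.get(id).add(embeddingSite);
    return id; // value the tracker sends back in Set-Cookie
  }
  profiles() {
    return [...this.seen].map(([id, sites]) => ({ id, sites: [...sites].sort() }));
  }
}

// A request is third-party when its host is neither the visited site nor a
// subdomain of it. (Simplification: real browsers use the Public Suffix List.)
function isThirdParty(topLevelSite, requestHost) {
  return requestHost !== topLevelSite && !requestHost.endsWith(`.${topLevelSite}`);
}

// Visit each site in turn; every page embeds one resource from the tracker.
function simulate(partitioned, visits) {
  const jar = new CookieJar(partitioned);
  const tracker = new Tracker("tracker.example");
  for (const site of visits) {
    if (!isThirdParty(site, tracker.host)) continue; // first-party use not modelled
    const sent = jar.get(site, tracker.host);
    const id = tracker.handle(sent, site);
    jar.set(site, tracker.host, id);
  }
  return tracker.profiles();
}

const visits = ["shop.example", "news.example", "blog.example", "shop.example"];
console.log("shared jar:     ", JSON.stringify(simulate(false, visits)));
console.log("partitioned jar:", JSON.stringify(simulate(true, visits)));
```

With the shared jar the tracker ends up with one identifier covering all three sites; with the partitioned jar it holds three unrelated identifiers, while the repeat visit to the same site still gets its earlier cookie back.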

uBlock Origin

uBlock Origin is a free and open-source, cross-platform browser extension for content filtering—primarily aimed at neutralizing privacy invasion in an efficient, user-friendly method. As of 2024, uBlock Origin’s extension is available for several of the most widely used browsers, including: Chrome, Chromium, Edge, Opera, Firefox and all Safari releases prior to 13.

Note the list of Chrome-based browsers above supported by uBlock Origin – more information on this later.

Privacy Badger

A browser extension that automatically learns to block any tracker or ad that violates your user consent and privacy. It uses an algorithm to detect and block third-party domains that embed cookies, scripts, or fingerprinting on the web, and it does not block ads unless they are tracking you.

Chrome/Edge/Brave

Chrome has few and very basic controls regarding cookies, and then only for cookie management. Unsurprisingly, Google has been hesitant to enable any function which would impede their advertising engine, and related services industry and partnerships.

The fact is, until the day that Chrome and Internet Explorer have tracking protection built-in and turned on by default, the majority of web users will remain trackable.

Extremetech

This means that Chrome performs the worst when it comes to cookie security and related privacy concerns.

Microsoft Edge does include some 3rd party tracking protection but it’s limited compared to what Firefox and others do.

Brave, although Chrome-based like Edge, does include some good features for cookie protection including their Brave Shields and advanced privacy protections.

A quick side-track on browser extension mechanisms

uBlock Origin (and to an extent Adblock Plus) has been very popular due to its ability to manage cookies, browser fingerprinting and 3rd-party tracking.

uBlock, like all other browser extensions/add-ons/plugins, makes use of extension frameworks provided by the browser to hook into the browser and provide the additional functionality of the extension.

The main extension framework, currently supported by most browsers, is Manifest V2.

a manifest file is a file containing metadata for a group of accompanying files that are part of a set or coherent unit. For example, the files of a computer program may have a manifest describing the name, version number, license and the constituent files of the program

Wikipedia

Essentially, Manifest V2 sets the format of how an extension should be packaged for incorporation into a browser, along with what facilities in the browser that extension can interact with.

Manifest V3 is an effort by Google to reduce the functionality of extensions supposedly in the name of security and privacy (this one is ironic as we’ll see shortly). Note as well that extensions are installed into Chrome via the Chrome Web Store, in a similar way to how apps are installed on Android mobiles through the Google Play Store.

For several years now, Google has wanted to kill Chrome’s current extension system in favor of a more limited one, creating more restrictions on filtering extensions that block ads and/or work to preserve the user’s privacy.

Ars Technica https://arstechnica.com/gadgets/2022/12/chrome-delays-plan-to-limit-ad-blockers-new-timeline-coming-in-march/

Ars Technica don’t pull any punches in stating the real target for Google’s deprecation of Manifest V2.

What does this have to do with the issue of cookies and tracking?

Well, Manifest V3 will essentially stop extensions like uBlock Origin, Adblock Plus and many other privacy controlling extensions from working in future releases of Chrome. This is in an effort to prevent these extensions from providing their privacy-enforcing ability to restrict tracking and focused advertising.

Some ad blockers will try to play within these rules with the Manifest V3 version, but Google’s going to erode their effectiveness and doesn’t want to implement any of the common-sense solutions that would allow them to keep functioning at the current level.

Ars Technica

Note as well that Google is no longer accepting Manifest V2 apps into the Chrome Web Store …

Cynical much?

(Opinion: "Don't be evil" is Google's former motto, and a phrase used in Google's corporate code of conduct. I think that ship has definitely sailed.)

Other browser vendors have indicated that they will also move to Manifest V3 but will retain some features of V2 for compatibility purposes.

A new dawn of advertising?

We covered legal challenges earlier in this article, and it may be that at some point Google is forced into relaxing their stance on advertising, privacy controls and the like. There are ongoing and related lawsuits in progress …

Google knows this and so has been working on alternatives to cookie tracking for a few years now. Alternatives that will accede to legal and privacy requirements, while simultaneously allowing it to maintain its lead in the advertising market.

The results of this work include:

  • FLoC
  • TOPICS
  • First-party sets
  • Trust tokens
  • Conversion Measurement API
  • Privacy Budgets
  • Protected Audience API

Yip, they’ve really been busy trying to come up with something that would serve both sides of the coin. As the phrase goes, “throw it at a wall and see what sticks”.

The Privacy Sandbox

The Privacy Sandbox project’s mission is to “Create a thriving web ecosystem that is respectful of users and private by default.” The main challenge to overcome in that mission is the pervasive cross-site tracking that has become the norm on the web and on top of which much of the web’s ability to deliver and monetize content has been built.

The Chromium Projects https://www.chromium.org/Home/chromium-privacy/privacy-sandbox/

Essentially Privacy Sandbox is about removing tracking cookies and replacing them with something that provides similar functionality but is privacy-respecting.

And to no one’s surprise, Google have snuck in a solution to the conundrum of not being able to track users but still being able to provide advertising.

And to an extent, they’ve actually come up with something that’s technically quite good, and simultaneously should service all sides of the fence.

The solution is called Protected Audience API (included in Privacy Sandbox) and is an evolution of their original FLoC and TOPICS mechanisms. In simple terms, the idea is to put an air gap in between the user and the advertiser by obfuscating direct information about the user but still allow some form of targeted advertising.

TOPICS allows the user’s browser to learn about the user by observing where they go on the web – all of which information is retained by and never leaves the browser. Then, through the use of the Protected Audience API, the user’s browser is able to later intelligently select the ads that its user will see. If that comes as something of a surprise, it should, since it’s certainly not the way any of this has ever worked before.

Security Now SN957

(The phrase “the browser is the operating system” has become fairly well-used in recent years. The additional work that a Chrome browser will do to implement Privacy Sandbox and its subsystems truly brings new meaning to that phrase.)

Further details on the PA API:

In the Protected Audience API, an ad auction is a collection of small JavaScript programs the browser runs on the user’s device to choose an ad. To preserve privacy, all ad auction code from the seller and buyers is run in isolated JavaScript worklets that cannot talk to the outside world.

Google
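
The on-device auction described in the quote above, as an added model that is not Google's or Chrome's code: buyer and seller logic run locally over interest groups held in the browser, and only the winning ad's URL is handed back to the page. The names generateBid and scoreAd follow the API's naming with reduced signatures; the owners, URLs, values and the sellerConfig fields are constructed assumptions.

```javascript
// Added illustration: a simplified model of an on-device ad auction, not
// Chrome's code. generateBid and scoreAd follow the API's naming with reduced
// signatures; every owner, URL and number below is constructed.

// Interest groups the browser stored locally during earlier browsing.
const interestGroups = [
  { owner: "buyer-a.example", name: "running-shoes",
    ads: [{ renderURL: "https://buyer-a.example/ad/shoes", value: 1.5 }] },
  { owner: "buyer-b.example", name: "city-breaks",
    ads: [{ renderURL: "https://buyer-b.example/ad/trips", value: 2.0 }] },
  { owner: "buyer-c.example", name: "payday-loans",
    ads: [{ renderURL: "https://buyer-c.example/ad/loans", value: 9.0 }] },
];

// Buyer-side logic (generateBid): doubles the bid when the page topic matches.
const topicBidder = (topic) => (group, signals) => {
  const ad = group.ads[0];
  const boost = signals.pageTopic === topic ? 2 : 1;
  return { bid: ad.value * boost, renderURL: ad.renderURL };
};
const buyers = {
  "buyer-a.example": topicBidder("sport"),
  "buyer-b.example": topicBidder("travel"),
  "buyer-c.example": topicBidder("finance"),
};

// Seller-side logic: returns a desirability score; 0 rejects the bid.
function scoreAd(bid, owner, sellerConfig) {
  if (sellerConfig.blockedBuyers.includes(owner)) return 0;
  return bid.bid >= sellerConfig.floor ? bid.bid : 0;
}

// The browser's role: run buyer and seller logic locally over copies of the
// stored data and hand the page nothing but the winning ad's URL.
function runLocalAuction(groups, buyerLogic, sellerConfig, signals) {
  let winner = null;
  for (const group of groups) {
    const generateBid = buyerLogic[group.owner];
    if (!generateBid) continue;
    const copy = JSON.parse(JSON.stringify(group)); // logic cannot mutate the store
    const bid = generateBid(copy, signals);
    const score = scoreAd(bid, group.owner, sellerConfig);
    if (score > 0 && (winner === null || score > winner.score)) {
      winner = { score, renderURL: bid.renderURL };
    }
  }
  return winner ? winner.renderURL : null; // no group names or owners exposed
}

const sellerConfig = { floor: 1.0, blockedBuyers: ["buyer-c.example"] };
console.log(runLocalAuction(interestGroups, buyers, sellerConfig, { pageTopic: "sport" }));
```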

In essence, PA API is maintaining advertisers’ ability to provide customised ads to users, while respecting users’ privacy. That’s quite a balancing act, and I sincerely hope Google gets this right.

We have yet to see how this plays out, as Google has not formally implemented any of this on a large scale.

The use of Privacy Sandbox, and specifically the blocking of 3rd party cookies, was due to start earlier this month on the 4th Jan in a limited run that should affect around 1% of Chrome users globally. Google will then extend the use of Privacy Sandbox to the rest of Chrome users from June 2024 onwards.

If you’re randomly selected to try Tracking Protection, Google will notify you when opening Chrome on desktop or Android. If there are issues detected by Chrome while you’re browsing, a prompt will appear asking if you’d like to temporarily re-enable third-party cookies for the site.

The Verge https://www.theverge.com/2023/12/14/24000451/google-chrome-tracking-protection-launch-third-party-cookies-ads

Conclusion

This is a very complicated topic with various aspects, nuances and related considerations that could fill a book. And that’s clearly reflected in the length of this article. If you’re still reading (brave!), I hope I’ve given you a good overview of the issue, alternatives and possible solutions.

Google has a huge task on their hands, one that could make or break their advertising business in future. On one side, they need to play nice and respect users’ privacy with appropriate features and controls in their services and products (or governments will force them to do this). On the other hand, they need to maintain the crucial ability to provide advertising services to remain a viable option in the ad market.

It’s anyone’s guess as to how this will play out in future, but at least Google now have a solution that’s technically sound (although complex) and one that simultaneously provides for both focused advertising and privacy.

Will it blend?